OpenVPN for Linux, guidelines for installing and use / IT Administration Services / Updated 11.6.

2015

OpenVPN Linux

To use this VPN you need a strong authentication SMS-service activated. SMS-service is free of
charge.

More information about the strong authentication with VPN and how to activate the SMS-service:
http://www.oulu.fi/ict/node/28006.

1. Install following packages

Install following packages:

 curl
 openvpn

On distributions like Debian/Ubuntu install packages with command sudo apt-get install curl
openvpn. On distributions like Redhat/Centos/Fedora use command yum -y install curl openvpn.
You can also compile OpenVPN by yourself. Please use stable versions and configure it with
option --enable-password-save.

2. Download and extract support files

Download following file:

 openvpn-oulu.tar

Extract it as root with commands:

cd /
sudo tar xvf /path/to/openvpn-oulu.tar

It should create following files:

/etc/openvpn/
/etc/openvpn/ca.crt
/etc/openvpn/oulu.ovpn
/usr/local/sbin/openvpn-init.sh
/usr/local/sbin/openvpn-oulu.sh

3. Start VPN-tunnel

Run openvpn-oulu.sh as root.

Example on Debian based distributions:

sudo openvpn-oulu.sh

Script will ask your staff username and password to authenticate with SMS service
OpenVPN for Linux, guidelines for installing and use / IT Administration Services / Updated 11.6.2015

Authenticating to SMS service. Please give username and password.

Username: testuser
Enter host password for user 'testuser':
You should receive soon SMS message with one time password.
One time password: ****

Mon Apr 23 10:26:47 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL]
[PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Mon Apr 23 10:26:47 2012 NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
Mon Apr 23 10:26:52 2012 UDPv4 link local: [undef]
Mon Apr 23 10:26:52 2012 UDPv4 link remote: [AF_INET]193.166.29.134:1194
Mon Apr 23 10:26:52 2012 WARNING: this configuration may cache passwords in memory -- use
the auth-nocache option to prevent this
Mon Apr 23 10:26:52 2012 [gw029134.oulu.fi] Peer Connection Initiated with
[AF_INET]193.166.29.134:1194
Mon Apr 23 10:26:54 2012 ECHO-PULL:remote-cert-tls server
Mon Apr 23 10:26:54 2012 TUN/TAP device tun0 opened
Mon Apr 23 10:26:54 2012 /sbin/ifconfig tun0 130.231.168.4 pointopoint 130.231.168.1 mtu 1500
Mon Apr 23 10:26:54 2012 /usr/local/sbin/openvpn-dns.sh tun0 1500 1557 130.231.168.4
130.231.168.1 init
***Copying /etc/resolv.conf to /etc/resolv.conf.org and changing DNS servers***
***Press ctrl+c to disconnect VPN***
Mon Apr 23 10:26:55 2012 Initialization Sequence Completed

VPN connection to Universitys network is now ready.

If you have problems, please check ifconfig, routing table (netstat –rn) and firewall (iptables –list –
verbose --line-numbers).